Hi list,

Here's some information from Spectrum 9.1. I had to add some event handling for DUPLEX_MISMATCH once upon a time.

Cisco Router, Switch, and Firewall devices log many internal events in the device's system log, or syslog. Depending upon device configuration, these syslog events may be sent to Spectrum using traps. Spectrum uses the values of three trap variables to map the trap to a Spectrum Event ID. These mappings are contained in three text files on the SpectroSERVER:

- $SPECROOT/SS/CsVendor/Cisco_Router/Rtr.txt
- $SPECROOT/SS/CsVendor/Ctron_CAT/Switch.txt
- $SPECROOT/SS/CsVendor/CiscoPIX/Pix.txt

These text files have the following internal fields, separated by spaces:

- An abbreviated classification, for example RCMD or SNMP
- A Cisco severity level, a digit from 0 to 4
- An abbreviated text description, for example AUTHFAIL
- A Spectrum Event ID

For example:

    CDP 4 DUPLEXMISMATCH 0x011c0214

Further information about the configuration of these text files can be found in CA Spectrum manual #5127, titled Cisco Applications User Guide. In 9.2, the manual name is Spectrum_Cisco_Device_Management_ENU.pdf

HTH,
--Mark S

Mark Serencha - Inforonics Global Services, LLC - (m) +1-781-439-0519 - Mark.Serencha_AT_inforonics.com

-----Original Message-----
From: Sorrell, Al [mailto:[email protected]]
Sent: Wednesday, October 26, 2011 8:05 AM
To: spectrum
Subject: RE: [spectrum] Event Configuration

That particular event handles undefined SYSLOG traps from Cisco devices and has 3 varbinds:

# varbind 1 (v 1) is the facility, e.g., CRYPTO
# varbind 2 (v 2) is the numeric severity level, e.g., 4
# varbind 3 (v 3) is the message type, e.g. RECVD_PKT_INV_SPI

I also spent a long time trying to trace the actual source of that event, but finally gave up and just used it. It's a way to handle various SYSLOG trap events that aren't handled in $SPECROOT/SS/CsVendor/Cisco_Router/Rtr.txt and/or Ctron_CAT/Switch.txt, e.g.

    0x210c0e R CA.EventCondition, \
        "({v 1} == {S \"AUTHMGR\"} && {v 3} == {S \"SUCCESS\"})" , "0xfff00002 -:-", \
        "({v 1} == {S \"AUTHMGR\"} && {v 3} == {S \"START\"})" , "0xfff00002 -:-", \
        "({v 1} == {S \"AUTHMGR\"} && {v 3} == {S \"FAIL\"})" , "0xfff00002 -:-", \
        "({v 1} == {S \"BGP\"} && {v 3} == {S \"ADJCHANGE\"})" , "0xfff00020 -:-", \
        ...

>-----Original Message-----
>From: Kenneth Kirchner [mailto:[email protected]]
>Sent: Tuesday, October 25, 2011 10:06 PM
>To: spectrum
>Subject: [spectrum] Event Configuration
>
>Can someone tell me how to find out what variables are available in an
>event like 0x00210c0e? This event feeds 4 others, but I cannot determine
>where it comes from or what is stored in its variables.
>I have grep'ed the entire spectrum directory for it and I have only
>found the EventDisp which is what I already know. I know it's caused
>by Syslog traps, but how? I can't find anything in any AlertMap files.
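
The mapping lookup described in the thread above, as an added example that is not part of the original messages and is not Spectrum's own code: it parses lines in the four-field layout and reports which syslog trap types would fall through to the undefined-SYSLOG event 0x00210c0e. Exact matching on all three varbinds is an assumption, and every sample entry other than the CDP line, including its event ID, is constructed.

```python
import re

# Catch-all event for undefined Cisco SYSLOG traps, as named in the thread.
UNDEFINED_SYSLOG_EVENT = 0x00210C0E

# Fields: classification, one-digit severity, message type, Spectrum Event ID.
LINE_RE = re.compile(r"^(\S+)\s+(\d)\s+(\S+)\s+(0x[0-9a-fA-F]+)$")

# Constructed sample. Only the CDP line comes from the thread; the other
# entries and their event IDs are made up for illustration.
SAMPLE_MAP = """\
CDP 4 DUPLEXMISMATCH 0x011c0214
SNMP 3 AUTHFAIL 0xfff00101
RCMD 4 RSHPORTATTEMPT 0xfff00102
this line is malformed
"""

# Constructed traps as (varbind 1, varbind 2, varbind 3) tuples.
SAMPLE_TRAPS = [
    ("CDP", "4", "DUPLEXMISMATCH"),
    ("CRYPTO", "4", "RECVD_PKT_INV_SPI"),
    ("BGP", "3", "ADJCHANGE"),
    ("CRYPTO", "4", "RECVD_PKT_INV_SPI"),
]

def parse_map(text):
    """Return ({(facility, severity, msgtype): event_id}, [bad line numbers])."""
    mapping, bad = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            bad.append(lineno)  # surface bad lines instead of dropping them
            continue
        fac, sev, msg, eid = m.groups()
        mapping[(fac, int(sev), msg)] = int(eid, 16)
    return mapping, bad

def resolve(mapping, facility, severity, msgtype):
    """Event ID for a trap; unmapped traps get the catch-all event."""
    key = (facility, int(severity), msgtype)
    return mapping.get(key, UNDEFINED_SYSLOG_EVENT)

def unmapped(mapping, traps):
    """Sorted, de-duplicated (facility, msgtype) pairs hitting the catch-all."""
    return sorted({(f, m) for f, s, m in traps
                   if resolve(mapping, f, s, m) == UNDEFINED_SYSLOG_EVENT})

if __name__ == "__main__":
    table, bad_lines = parse_map(SAMPLE_MAP)
    print("malformed lines:", bad_lines)
    print("falls through to catch-all:", unmapped(table, SAMPLE_TRAPS))
```

The pairs it reports are the candidates for an explicit mapping line or for a condition on varbinds 1 and 3 like the ones quoted in the thread.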
